(54) Computer network with modified host-to-host encryption keys.

(57) In a computer network, each pair of host computers that need to exchange data packets establish a single host-to-host encryption/decryption key. Then, whenever one host computer sends a data packet to the other host computer, it first forms a predefined logical combination of the established host-to-host key and the destination buffer index to which the data packet is being sent, and then uses the resulting value to encrypt the secure portions of the data packet. The destination buffer index is included in the data packet's header, which is not encrypted. When the receiving host computer receives the encrypted data packet, it reads the destination buffer index from the packet header, forms the same predefined logical combination of the established host-to-host key and the destination buffer index to generate a decryption key, and uses the computed decryption key to decrypt the secure portions of the received data packet. If the destination buffer index in the received data packet has been modified either by noise or by an interloper, the decryption key computed by the receiving host computer will be different from the encryption key used by the sending host computer, and therefore the portions of the received data packet decrypted using the computed decryption key will be unintelligible. Thus, interlopers are prevented from breaching the confidentiality of encrypted data.

The present invention relates generally to computer communication networks in which data packets are transmitted between network nodes, and particularly to a computer network in which a single host-to-host encryption/decryption key established for each pair of host computers is modified in a predefined fashion for each transmitted data packet so as to thwart attempts to change the destination information in data packets.

In Figure 1 is shown a small portion of a computer network 100 in which data packets are transmitted from host computers 102, 104 and 106, through switches 110 and 112 to host computer 114. For the purposes of this discussion, it can be assumed that the host computers are multi-user or multitasking computers with operating systems that support multiple user address spaces.

The receiving host computer 114 has a network controller 116 for receiving data packets, which decrypts and error checks those data packets. The network controller 116 delivers each received, decrypted data packet to one of several buffer queues 118-1 to 118-N in the receiving host computer's memory in accordance with a BQI (buffer queue index) value found in the data packet's header. Each buffer queue 118 is associated with a different user address, and the delivery mechanism used by the network controller 116 is preferably a DMA (direct memory access) transfer.

As shown in Figure 2, each data packet 130 transmitted through the network has a packet header 132 and a packet body 134. Information typically found in the packet header 132 includes a network destination address 136 that indicates where the packet is being sent, source identification data 138 that indicates where the data packet 130 originated, a packet type value 140, an offset value 142 indicating the position of the boundary between the encrypted portion 143 of the data packet and the unencrypted portion of the data packet 130, and a buffer queue index (BQI) value 144. The BQI value 144 in each packet header specifies which of the buffer queues 118 in the destination host computer the data packet should be sent to. In one of the two preferred embodiments, the data packet header 132 also includes an encrypted key value 146, the origin and purpose of which will be described below.

Data packets are usually encrypted using a private key encryption methodology, such as DES CBC. Furthermore, to ensure data integrity, a CRC error detection code 148 is included in each packet, usually at the end of the data packet, for detecting corrupted packets as well as for detecting packets that may have been tampered with in an attempt to break the system's security provisions. Therefore each packet received by the network controller 116 must be decrypted and error checked by a CRC (cyclic redundancy check) circuit before it can be used by the host computer 114.

The problem addressed by the present invention is as follows. When an encrypted packet arrives at a network controller 116, it is useful to use "cut through" packet processing, which means that the controller 116 begins storing the beginning of the data packet in the host computer's memory at a specified buffer location in a user address space before the end of the data packet has been received. Since the CRC check on the packet cannot be completed before the end of the data packet has been received, this means that cut-through packet processing results in at least a portion of the data packet being delivered into a user's address space before the CRC check can determine whether or not the packet has been tampered with or otherwise corrupted. On the other hand, it is unacceptable to deliver a decrypted data packet to the wrong buffer queue 118 in the host computer, because that might disclose confidential information to a user not authorized to access that information. In other words, it is important for security reasons that a data packet not be delivered to the wrong address if it is correctly decrypted.

If the network controller 116 could CRC check the entire data packet before delivery of the data packet to a user's address space, the problem presented above would not exist, but the advantages of cut-through packet processing would be lost.

Referring to Figure 1, if an interloper 150 compromises the security of the computer network using a mechanism 152 that replaces the original BQI value 144 in a data packet with a different BQI value, the network controller 116 at the destination host computer 114 will deliver the data packet to the wrong buffer queue in the host computer. Data packets can also be misdirected if the BQI value 114 in the data packet is corrupted by noise during transmission.

In many computer systems, all data packets transmitted between two host computers are encrypted using a single "host-to-host" key that has been agreed upon by the two host computers. Since exchanging and managing keys is typically a resource intensive process, using only one key exchange for each pair of hosts is efficient.

Using the DES CBC (cipher-block-chaining) encryption scheme, which is well known to those in the field, partial replacement of an encrypted packet with new data will not cause the packet decryption process to fail. In other words, portions of the packet will still be decrypted correctly. Clearly, in the context of the interloper scenario shown in Figure 1 this is not an acceptable result, because the interloper will be able not only to have the packet rerouted to the wrong buffer queue, but the rerouted packet will be correctly decrypted, at least in part, giving the wrong user on the host computer 114 access to potentially confidential information.

The goal of the present invention is to prevent misdelivered data packets, or data packets with destination buffer values that have been modified after initial transmission of the data packet, from being successfully decrypted. Delivery of unintelligible "garbage" data packets, such as data packets "decrypted" using the wrong decryption key, does not constitute a security breach.

The invention in its broad form resides in claims 1, 5, 6, 9 and 10. Other preferred features are defined in the dependent claims. More specifically, described herein is a system and method for preventing data packets whose destination buffer values have been modified after initial transmission of the data packet from being properly decrypted. Each pair of host computers that need to exchange data packets establish a single host-to-host encryption/decryption key. Then, whenever one host computer sends a data packet to the other host computer, it first forms a predefined logical combination of the established host-to-host key and the destination buffer index to which the data packet is being sent, and then uses the resulting value to encrypt the secure portions of the data packet. The destination buffer index is included in the data packet's header, which is not encrypted. When the receiving host computer receives the encrypted data packet, it reads the destination buffer index from the packet header, forms the same predefined logical combination of the established host-to-host key and the destination buffer index to generate a decryption key, and uses the computed decryption key to decrypt the secure portions of the received data packet.

If the destination buffer index in the received data packet has been modified either by noise or by an interloper, the decryption key computed by the receiving host computer will be different from the encryption key used by the sending host computer, and therefore the portions of the received data packet decrypted using the computed decryption key will be unintelligible. Thus, the present invention prevents interlopers from breaching the confidentiality of encrypted data.

A more detailed understanding of the invention may be had from the following description of preferred embodiments, given by way of example and to be understood in conjunction with the accompanying drawing wherein:

Figure 1 is a block diagram of a portion of a computer network showing the data path of a data packet from a sending host computer to a destination host computer;

Figure 2 is a block diagram of a data packet and the data packet's header;

Figure 3 is a block diagram of a first network controller which generates buffer dependent decryption keys in accordance with an embodiment of the present invention;

Figure 4 is a block diagram of a data packet used in conjunction with the network controller of Figure 3;

Figures 5A and 5B are a flow chart of the steps of the method of the present invention when used in conjunction with the network controller of Figure 3;

Figure 6 is a block diagram of a second network controller which generates buffer dependent decryption keys in accordance with an embodiment of the present invention;

Figure 7 is a block diagram of a data packet used in conjunction with the network controller of Figure 6; and

Figure 8 is a flow chart of the steps of the method of the present invention when used in conjunction with the network controller of Figure 6.

First to be described is the manner in which host-to-host encryption keys are established. Then the processing of transmitting and receiving data packets will be described.

Referring to Figure 1, the prior art provides any number of mechanisms for distributing encryption keys in a network. One such methodology developed at the Massachusetts Institute of Technology is known as KERBEROS. Other methodologies are known as public key systems. In any case, in the context of the present invention, any two host computers that will transmit data packets therebetween must first agree on a "host-to-host" encryption key that will be used to encrypt the secure portions of data packets transmitted between those two computers.

Typically, a different host-to-host key will be established for every distinct pair of host computers in the system 100. The methodology used to exchange such keys is not critical to the present invention. What is important is that only one host-to-host key needs to be established between each pair of computers, because the exchange of such keys is typically expensive in terms of the system resources used. For instance, it would be much more burdensome to require that every pair of users in the system exchange a unique encryption key.

Exchanging and Storing Host-to-Host Encryption Keys

Referring to Figure 3, each host computer's network controller 116 has an internal memory register 200 that stores a resettable Master Key value. In the preferred embodiment, the Master Key is settable by the host computer 114, but is not readable by the host computer 114. Each time that the host computer 114 is powered on or reset (i.e., each time that the host goes through its boot sequence), it uses a random number generator (preferably fed or driven by an unpredictable physical source) to generate a master key. The master key is then downloaded into the network controller 116 (e.g., via the network controller's loopback logic 202), and then forgotten by the host. Thus, a new master key will be used each time that the host computer boots.

Before exchanging data packets with any other host computer, the host computer 114 must first establish a host-to-host key with that other host computer, using the sequence of operations shown as step 204 in Figure 5A. When the host 114 establishes a host-to-host key (e.g., Host-to-Host Key AD in Figure 3) with another host computer, each host uses its own network controller 116 to encrypt that key with its master key, generating values herein labeled {Host-to-Host Key AD}_MasterKeyD and {Host-to-Host Key AD}_MasterKeyA, where MasterKeyD and MasterKeyA are the master keys of the network controllers for host computers D and A. The two host computers exchange the encrypted keys, and then each host computer stores both encrypted versions of the host-to-host key in a Key Table 205 in its internal memory 206, along with values identifying the other host computer. Furthermore, to help ensure the security of the host-to-host key, both host computers A and D forget the agreed upon host-to-host key after storing its encrypted versions, and from then on use only the encrypted versions stored in Key Table 205.

Encrypting and Transmitting Data Packets

Figure 4 shows that data packets 130 used with the first preferred embodiment of the present invention include in the packet header the BQI 144 (which specifies the buffer queue 118 in the destination host computer the data packet should be sent to) and a host-to-host key 146 encrypted using the receiving network controller's master key.

Figure 5A is a flow chart representing the steps performed, from the perspective of Host D 114, in order for Host A 102 to send a data packet 130 to Host D (see Figure 1). Step 204, described above, comprises the exchange of a host-to-host key, identified here as "Host-to-Host Key AD". This process of exchanging a host-to-host key, and its encrypted version, with another host computer's controller is repeated for each host computer with which Host D 114 will exchange data packets.

Whenever Host A's controller 116 transmits a data packet to another host computer i (using the packet transmitter 208 portion of the network controller 116), the encrypted key value {Host-to-Host Key Ai}_MasterKeyi is stored in the packet header 132 at slot 146, as shown in Figure 4. The advantage of including this encrypted key value in the transmitted data packet is that the receiving host's network controller can compute the key value needed to decrypt the received data packet simply by decrypting this key value 146 using its own master key.

In the example process of Figure 5A, at step 211 Host A sends to its network controller an unencrypted data packet including a destination address field 136, the BQI field 144 and the encrypted version of Host-to-Host Key AD received from Host D. Host A also sends to its network controller the version of Host-to-Host Key AD encrypted by its own network controller, herein labelled {Host-to-Host Key AD}_MasterKeyA. At step 212, Host A's network controller decrypts the {Host-to-Host Key AD}_MasterKeyA value to regenerate the encryption key {Host-to-Host Key AD}.

In the preferred embodiment, when a Host A 102 transmits a data packet to Host D 114, Host A selects a BQI value based on the user in Host D to whom the message is being sent (step 211). The packet transmitter (208) in Host A's network controller encrypts a portion 143 of the data packet using an encryption key computed by exclusive ORing the regenerated host-to-host key for that pair of computers with the data packet's BQI value 144:

Encryption key = (Host-to-Host Key AD) XOR BQI

The use of an XOR operation for generating the modified encryption key is particularly efficient when using DES CBC encryption because the DES CBC encryption technique already requires the ability to perform XOR operations.

In alternate embodiments, the encryption key could be computed using any predefined logical combination of the host-to-host key and the BQI value, such as the value obtained by adding the two values together, the value obtained by subtracting the two values, logically ORing the two values, performing various bit rotations or bit shifts on either one of the two values prior to logically combining them, and so on. In fact, in the process of "logically combining" these two values, either one or both could be converted using a table look-up or hard-wired converter to make the key generation process harder for interlopers to replicate.

After encrypting portion 143 of the data packet using the computed encrypting key, Host A's network controller 116 transmits the resulting data packet to Host D via the communications network (step 212).

Decrypting and Delivering Received Data Packets 

Referring to Figures 3 and 5B, when Host D's controller 116 receives a data packet (step 214) from network cable 220, the data within the packet is sequentially captured by a network interface receiver 222 and then temporarily stored in a FIFO (first in first out) buffer 224. Control logic 230 reads the header of each received data packet from the FIFO 224 in order to process the BQI value (step 216) and to generate a decryption key (step 218).

The BQI value 144 in the preferred embodiment is a 64-bit value, but only the first N bits (e.g., ten bits), called the BQI prefix, are actually used to identify a buffer queue in the host computer. The remaining 64 minus N bits are used to verify that the BQI value in the packet header is valid. The network controller 116 includes a buffer queue table 232, which is essentially an internal memory array that stores a record 234 for each possible N-bit BQI prefix value. Each record 234 contains two items: a set of 64-N "check bits" 235 that will match the last 64-N bits of the BQI value if the BQI value is valid, and a buffer pointer 236, which is the buffer queue address in the host computer's memory 240 associated with a particular user.

To verify the BQI value 144 in a particular packet, the control logic 230 retrieves the record 234 in the buffer queue table 232 corresponding to the BQI prefix. In other words, the control logic 230 uses the BQI prefix to address one record 234 in the table 232. It then compares the BQI check bits 235 from that record with the corresponding bits of the packet's BQI value, and if they match, indicating that the BQI value is valid, then the control logic 230 loads the buffer pointer 236 from that record into the output buffer 242. If the comparison of the BQI check bits determines that the BQI value is invalid, the data packet is delivered to a special buffer queue (e.g., the buffer queue associated with BQI = 0). See step 216 in Figure 4. Software in the host computer can then decide whether to discard or otherwise handle data packets with invalid BQI values.
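
The prefix/check-bit validation just described, as an added example that is not code from the patent: a 64-bit BQI is split into an N-bit prefix that addresses one record in the buffer queue table and 64-N check bits that must equal that record's check bits; a mismatch or an unassigned prefix routes the packet to the queue associated with BQI = 0. The table class, the choice N = 10, the randomly drawn check bits and the buffer pointer values are constructed assumptions, not details from the text.

```python
"""BQI validation against the buffer queue table (added example, not the
patent's code).  A 64-bit BQI = N-bit prefix (selects record 234) followed by
64-N check bits that must equal the record's check bits (235).  N, the random
check bits and the buffer pointers are constructed assumptions."""
import secrets

BQI_BITS = 64
PREFIX_BITS = 10                      # N (the text's example: ten bits)
CHECK_BITS = BQI_BITS - PREFIX_BITS   # 64 - N
CHECK_MASK = (1 << CHECK_BITS) - 1
INVALID_BQI_PREFIX = 0                # special queue for packets with a bad BQI


def split_bqi(bqi):
    """Return (prefix, check), where prefix is the first N bits of the BQI."""
    if not 0 <= bqi < (1 << BQI_BITS):
        raise ValueError("BQI must be a 64-bit value")
    return bqi >> CHECK_BITS, bqi & CHECK_MASK


def make_bqi(prefix, check):
    """Inverse of split_bqi: assemble the 64-bit BQI the host hands to senders."""
    if not 0 <= prefix < (1 << PREFIX_BITS) or not 0 <= check <= CHECK_MASK:
        raise ValueError("prefix or check bits out of range")
    return (prefix << CHECK_BITS) | check


class BufferQueueTable:
    """Table 232 in the controller: one record (check_bits, buffer_pointer)
    per assigned prefix.  Prefix 0 always exists and is the invalid-BQI queue."""

    def __init__(self, invalid_queue_pointer=0x0000):
        self.records = {INVALID_BQI_PREFIX: (0, invalid_queue_pointer)}

    def assign_queue(self, prefix, buffer_pointer, check=None):
        """Host registers a queue for a user.  Check bits default to a fresh
        random value so the full BQI cannot be guessed from the prefix alone.
        Returns the complete BQI that authorized senders put in field 144."""
        if prefix == INVALID_BQI_PREFIX:
            raise ValueError("prefix 0 is reserved for invalid-BQI delivery")
        if check is None:
            check = secrets.randbits(CHECK_BITS)
        self.records[prefix] = (check, buffer_pointer)
        return make_bqi(prefix, check)

    def resolve(self, bqi):
        """Step 216: returns (buffer_pointer, valid).  Mismatched check bits or
        an unregistered prefix route the packet to queue 0, where host software
        decides whether to discard it or handle it otherwise."""
        prefix, check = split_bqi(bqi)
        record = self.records.get(prefix)
        if record is None or record[0] != check:
            return self.records[INVALID_BQI_PREFIX][1], False
        return record[1], True


if __name__ == "__main__":
    table = BufferQueueTable(invalid_queue_pointer=0x9000)
    good = table.assign_queue(5, 0x1000)
    prefix, check = split_bqi(good)
    print("intact BQI      ->", table.resolve(good))
    print("check bits flipped ->", table.resolve(make_bqi(prefix, check ^ 1)))
    print("prefix rewritten   ->", table.resolve(make_bqi(6, check)))
```

Rewriting only the prefix (the part an interloper would need to change to reach a different user's queue) leaves the check bits belonging to the original queue, so the lookup fails and the packet lands in queue 0 rather than in the other user's buffer.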

After processing the BQI value, the next step is to generate a decryption key for decrypting the encrypted portion 143 of the received data packet. In the preferred embodiment, a key logic circuit 244 within the control logic 230 performs a two step process to generate the decryption key. The first step (A) of this process is to decrypt the encrypted key 146 in the data packet using its own Master Key. The second step (B) is to then compute the decryption key to be used with this packet by logically combining the decrypted host-to-host key value with the BQI value for the packet using the same key generation function as the sending host's network controller. In the preferred embodiment where the XOR operation is used to generate the encryption key, the decryption key generation function is:

Decryption key = (decrypted Host-to-Host Key) XOR BQI

See step 218 in Figure 4. Thus a different decryption key is generated for data packets from the same host computer if their BQI values are different (i.e., if their destination buffer queues in Host D are different).

Next, the control logic 230 initiates the process of transmitting the data packet to the host computer 114 (step 245 in Figure 4). It should be remembered that at this point in time a portion 143 of the data packet is still encrypted, and furthermore that the data packet has not yet been error checked. The process of decrypting and error checking the data packet is pipelined so that it is performed as the data is transmitted to the host computer 114, preferably using DMA (direct memory access) data transmission. This is also known as cut-through processing of the data packet. In particular, the control logic 230 loads the computed decryption key into decryption circuit 246, and then routes the data packet through the decryption circuit 246. Under the control of control logic 230, the decryption circuit 246 passes the unencrypted portion of the data packet in unmodified form, and decrypts the encrypted portion 143 of the data packet. As portions of the data packet emerge from the decryption circuit 246, they are error checked, in pipelined fashion, by CRC check circuit 248. In the preferred embodiment, the data packet is encrypted and decrypted using the DES CBC method.

From the CRC check circuit 248 the data packet is transmitted to the host computer 114 via an output buffer 242 that typically contains DMA logic circuitry for directly storing the data packet in the host computer's memory. While only a small amount of information is processed by the decryption and error checking circuits 246, 248 at any one time, the entire packet is sequentially processed by these circuits as the data packet is transmitted to the host computer 114.

The CRC check circuit 248 accumulates a CRC value for the entire data packet, and sends an error signal to the control logic 230 if the final CRC value indicates that the data packet contains invalid data. If the CRC circuit 248 determines that the packet has invalid data, the control logic 230 sends a special command to the output buffer 242, which then loads an error message into the memory of the host computer 114. This error message is sent to the host computer immediately after the end of the packet is sent. The host computer 114 is typically programmed to look for such error messages from the controller 116 in a particular portion of its memory and to discard any received packets that are flagged as being invalid by an error message.

However, it would be possible for a user to program the host computer to ignore CRC error messages, thereby allowing the user to access the delivered data packet. If an interloper had modified the data packet's BQI value, that would cause a CRC error to be detected. Since the programming in the host computer cannot be relied upon to discard data packets having CRC errors, however, the present invention causes the encrypted portions of the misdelivered data packet to be unintelligible, because those portions of the data packet are "decrypted" using a different key than the encryption key used by the packet's sender.
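
The first embodiment end to end, as an added example that is not the patent's own code or circuitry: the host-to-host key wrapped under the receiver's master key (step 204), the per-packet key formed as (Host-to-Host Key) XOR BQI on both sides (steps 212 and 218), CBC encryption of portion 143, and the cut-through receive path that hands each decrypted block to the queue while the CRC is still accumulating (steps 214 through 245). Python's standard library has no DES, so the block cipher is a stand-in 64-bit Feistel network with an HMAC-SHA256 round function; it is not DES and is used only so that the CBC behaviour is concrete. The header layout, the IV field, the zero padding, the key and address values and the payload are constructed assumptions.

```python
"""First embodiment end to end (added example, not the patent's code or
circuitry).  DES is not in Python's standard library, so the 64-bit block
cipher below is a stand-in Feistel network with an HMAC-SHA256 round
function used in CBC mode; it is NOT DES and is for illustration only.
Header layout, IV handling, padding, keys, addresses and payload are
constructed assumptions."""
import hashlib
import hmac
import struct
import zlib

BLOCK = 8    # 64-bit blocks, as with DES
ROUNDS = 8

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, half, i):
    """Keyed round function: HMAC of the right half, truncated to 32 bits."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]

def block_encrypt(key, block):
    l, r = block[:4], block[4:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round(key, r, i))
    return r + l   # final swap, so decryption is the same loop in reverse

def block_decrypt(key, block):
    l, r = block[:4], block[4:]
    for i in reversed(range(ROUNDS)):
        l, r = r, _xor(l, _round(key, r, i))
    return r + l

def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def packet_key(host_to_host_key, bqi):
    """Encryption key = (Host-to-Host Key) XOR BQI; both are 64 bits here."""
    return _xor(host_to_host_key, struct.pack(">Q", bqi))

# Constructed header: dest 136, source 138, type 140, offset 142, BQI 144,
# {Host-to-Host Key}_MasterKey 146, and a CBC IV the text does not mention.
HDR = struct.Struct(">HHBHQ8s8s")
BQI_OFFSET = 7   # byte position of field 144 inside the header

def build_packet(h2h_key, wrapped_key, dest, src, bqi, iv, body):
    """Sender's controller (steps 211-212): cleartext header, portion 143
    under the BQI-modified key, CRC 148 over the cleartext packet at the end."""
    body += b"\0" * (-len(body) % BLOCK)          # constructed zero padding
    header = HDR.pack(dest, src, 1, HDR.size, bqi, wrapped_key, iv)
    crc = struct.pack(">I", zlib.crc32(header + body))
    return header + cbc_encrypt(packet_key(h2h_key, bqi), iv, body) + crc

def receive_cut_through(master_key, packet):
    """Receiver's controller (steps 214-245).  Returns (bqi, delivered, crc_ok).
    Each decrypted block reaches the queue before the CRC verdict exists, so a
    wrong key must already have rendered the data unintelligible."""
    header = packet[:HDR.size]
    _dest, _src, _type, offset, bqi, wrapped, iv = HDR.unpack(header)
    h2h_key = block_decrypt(master_key, wrapped)  # step A: unwrap with own master key
    key = packet_key(h2h_key, bqi)                # step B: combine with the header BQI
    body, crc_field = packet[offset:-4], packet[-4:]
    delivered, crc, prev = bytearray(header), zlib.crc32(header), iv
    for i in range(0, len(body), BLOCK):
        blk = body[i:i + BLOCK]
        plain = _xor(block_decrypt(key, blk), prev)   # CBC decryption, one block
        prev = blk
        delivered += plain                            # DMA'd to the queue at once
        crc = zlib.crc32(plain, crc)                  # CRC 248 accumulates alongside
    return bqi, bytes(delivered), struct.pack(">I", crc) == crc_field

# Constructed sample values for Host A (102) sending to Host D (114).
MASTER_KEY_D = b"master key of D, chosen at boot"
H2H_KEY_AD = bytes.fromhex("0123456789abcdef")
WRAPPED_AD_FOR_D = block_encrypt(MASTER_KEY_D, H2H_KEY_AD)   # {Host-to-Host Key AD}_MasterKeyD
BODY = b"CONFIDENTIAL PAYLOAD FOR USER 5"
IV = b"\x01" * BLOCK   # constructed; a real sender uses a fresh IV per packet

def send_and_receive(bqi_sent, bqi_in_transit):
    """Host A addresses queue bqi_sent; Host D sees bqi_in_transit in field 144
    (different when noise or an interloper rewrote the cleartext header)."""
    pkt = bytearray(build_packet(H2H_KEY_AD, WRAPPED_AD_FOR_D, 0x0114, 0x0102, bqi_sent, IV, BODY))
    struct.pack_into(">Q", pkt, BQI_OFFSET, bqi_in_transit)
    return receive_cut_through(MASTER_KEY_D, bytes(pkt))

if __name__ == "__main__":
    for sent, seen in ((5, 5), (5, 6)):
        bqi, data, ok = send_and_receive(sent, seen)
        print(f"BQI {sent} -> {seen}: crc_ok={ok} body={data[HDR.size:]!r}")
```

Running the block delivers one packet intact and one whose header BQI was changed in transit; the second arrives with crc_ok False and a body that bears no relation to the payload, which is the property the text relies on when the host cannot be trusted to honour the CRC error message. The CRC is computed over the cleartext packet and appended unencrypted, which is one reading of the text's "usually at the end of the data packet"; placing it inside the encrypted portion would give the same verdict here.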

In summary, even though a single "host-to-host" encryption key is established for each pair of host computers, the actual encryption key used to encrypt each transmitted data packet is a logical combination of the established "host-to-host" encryption key and the packet's buffer queue index, which indicates the user or buffer queue in the destination host to which the packet is being sent. This technique prevents an interloper from receiving a decrypted data packet that was addressed to another user. If the interloper modifies the data packet's BQI in order to reroute the data packet to himself or any other user than the intended recipient, the receiving network controller will use an invalid decryption key to decrypt the encrypted portions of the data packet, which will cause the interloper to receive a garbled data packet that does not disclose the information in the encrypted portion of the data packet.

SECOND PREFERRED EMBODIMENT OF NETWORK CONTROLLER

Referring to Figures 6, 7 and 8, only the differences between this second embodiment and the above-described embodiment will be described below. In the second preferred embodiment of the invention, the network controller 316 as shown in Figure 6 does not have a master key stored in a register and the transmitted data packets (the header of which is shown in Figure 7) do not include an encoded host-to-host key. Instead, the host-to-host keys are stored in a Key Table 318 in the network controller 316, and each data packet header includes a KeyIndex value in field 138 (see Figure 7) indicating where in the receiving network controller's Key Table 318 the associated host-to-host key is located.

Establishing and Storing Host-to-Host Keys

As in the first preferred embodiment, before exchanging data packets with any other host computer, the host computer 114 must first establish a host-to-host key with that other host computer, using the sequence of operations shown as step 320 in Figure 5A. As a preliminary matter, each host computer maintains a Key Index Table 322 for storing information concerning the host-to-host keys stored in its Network Controller's Key Table 318. Each time that the host computer is powered up or reset (i.e., each time that the host computer boots), both the Key Index Table 322 in the host's memory and the Key Table 318 in the Network Controller 316 are cleared. Each successive row in the host's Key Index Table 322 stores information concerning the corresponding entry in the Key Table 318. In particular, for each host-to-host key stored in the Key Table 318, the host computer retains identification data concerning the other host computer associated with that key, a destination address for that other host, a first KeyIndex value (shown as KeyIndexD in Figure 6) indicating where in the Network Controller's Key Table the associated host-to-host key is stored, and a second KeyIndex value (shown as KeyIndexA/B/C in Figure 6) indicating where the associated host-to-host key is stored in the Network Controller of the other host computer. The first KeyIndex value is actually not included in the Key Index Table 322 since it is equal to the row number of the table 322, but is shown in Figure 6 to make the data structure easier to understand.

During the exchange of host-to-host key information with another host computer, the KeyIndex value sent by Host D 114 identifies the first empty row of its Key Index Table 322.

When the host 114 establishes a host-to-host key (e.g., Host-to-Host Key AD in Figure 6) with another host computer, each host downloads the host-to-host key into its own network controller 316 and makes a corresponding entry in its Key Index Table 322 in the host's memory 206. Furthermore, to help ensure the security of the host-to-host key, both host computers A and D forget the agreed upon host-to-host key after storing it in their network controllers.

It should be noted that the host-to-host keys are stored only in the host controller's internal memory array 200, which is not accessible by the host computer 114 or any other host computer in the network. Securing the host-to-host keys in this way helps to prevent interlopers from obtaining copies of these keys, which would result in a breach in system security.

Encrypting and Transmitting Data Packets 

The flow chart in Figure 8 represents the steps performed in order for Host A 102 to send a data packet 130 to Host D. It is assumed at this point that the exchange of a host-to-host key by the two host computers has already been accomplished.

Referring to Step 326 of Figure 8, whenever Host A transmits a data packet to another host computer i (using the packet transmitter 208 portion of the network controller 316), Host A constructs an unencrypted data packet in which field 138 of the packet header stores the KeyIndex value that identifies which slot in the other host computer's Key Table holds the key needed to decrypt the data packet. As before, a BQI value is stored in field 144. Host A sends to its network controller 316 the constructed (unencrypted) data packet, a Key Index value that identifies which slot in its own controller's Key Table 318 holds the key needed to encrypt the data packet, and the destination address for the data packet.

In step 328, the network controller 316 for Host A retrieves the Host-to-Host Key in its Key Table 318 identified by the specified Key Index received from its host. The packet transmitter (208) in Host A's network controller encrypts a portion 143 of the data packet using an encryption key computed by exclusive ORing the retrieved {Host-to-Host Key AD} with the data packet's BQI value 144, and then Host A's network controller 116 transmits the resulting data packet to Host D via the communications network.

Decrypting and Delivering Received Data Packets

The steps (214 and 216) for receiving the transmitted data packet and processing the BQI value in the received data packet are the same as in the first preferred embodiment. The next step 330, which is constructing the decryption key to be used to decrypt the received data packet, differs from the first preferred embodiment. In particular, the key logic circuit 332 within the control logic 230 retrieves from the Key Table 318 the host-to-host key identified by the KeyIndex value in field 138 of the received data packet. The key logic circuit 332 then computes the decryption key to be used with this packet by logically combining the retrieved host-to-host key value with the BQI value for the packet, using the same key generation function as the sending host's network controller:

Decryption key = (retrieved Host-to-Host Key) XOR BQI

Step 245 for decrypting the encrypted portions of the received data packet and delivering the decrypted data packet to the specified buffer queue in the host computer is the same as in the first preferred embodiment.

While the present invention has been described with reference to a few specific embodiments, the description is illustrative of the invention and is not to be construed as limiting the invention. Various modifications may occur to those skilled in the art without departing from the true spirit and scope of the invention.

Claims 

35 

1. A computer network packet receiver, coupled to a first host computer

packets originated by other host computers are received, the computer network packet receiver comprising:

key storage means (300) for storing a master key;

receiver means (222) coupled to the computer network for receiving data packets (130), wherein each received data packet includes (A) a first, unencrypted portion in which is stored a buffer queue value corresponding to a memory address in the first host computer to which the data packet is to be delivered, (B) an encrypted host-to-host key, and (C) a second portion that is encrypted;

logic means (230), coupled to the receiver means and the key storage means, for (A) extracting from each received data packet the buffer queue value, (B) decrypting with the master key the encrypted host-to-host key in each received data packet, and (C) generating a corresponding decryption key by computing a predefined combination of (1) the extracted buffer queue value and (2) the decrypted host-to-host key for each received data packet;

packet processing means (246), coupled to the logic means, for decrypting the second portion of each received data packet using the corresponding decryption key generated by the logic means, and for delivering the first portion and the decrypted second portion of each received data packet to the memory address in the first host computer corresponding to each received data packet's buffer queue value.

2. A network packet receiver as claimed in claim 1, wherein each received data packet incorporates an embedded error checking value to enable error checking thereof, the packet processing means including means (248) for error checking each received data packet as it is delivered to the first host computer.

3. A network packet receiver as claimed in claim 1, wherein each received data packet incorporates an embedded error checking value to enable error checking thereof;

said packet processing means including pipelined decryption means and error checking means (246,248) that, respectively, decrypt the encrypted portion of each received data packet and error check each received data packet as said each received data packet is delivered to the first host computer.

4. A network packet receiver as claimed in claim 1, wherein the logic means generates the corresponding decryption key by exclusive ORing the extracted buffer queue value with the decrypted host-to-host key for each received data packet.

5. A computer system, comprising:

a multiplicity of host computers (102,104,106,114), each host computer having a corresponding network controller (116) that couples the host computer (114) to a common computer network;

means for establishing, for each pair of host computers of said multiplicity of host computers that will transmit data packets therebetween, a host-to-host encryption key;

each network controller including packet transmitting means (208) for transmitting data packets, originated by its corresponding host computer, to other ones of the multiplicity of host computers via the computer network, and packet receiving means (222) coupled to the computer network for receiving data packets;

wherein each transmitted data packet includes (A) a first, unencrypted portion in which is stored source identifying data indicating that the corresponding host computer originated the data packet and a buffer queue value corresponding to a memory address in a specified one of the multiplicity of host computers to which the data packet is to be delivered, and (B) a second portion that is encrypted;

the packet transmitting means of each network controller including means for encrypting the second portion of each data packet transmitted thereby using an encryption key comprising a predefined combination of (1) the transmitted data packet's buffer queue value and (2) the established host-to-host encryption key corresponding to the pair of host computers comprising the originating host computer and the specified one of the multiplicity of host computers to which the data packet is being transmitted;

the packet receiving means of said each network controller including first logic means (230) for extracting from each received data packet the buffer queue value, second logic means for determining said established host-to-host encryption key corresponding to the one of the multiplicity of host computers that originated each received data packet, and decryption key generating means for generating a corresponding decryption key by computing the predefined combination of (1) the extracted buffer queue value and (2) the determined host-to-host encryption key for each received data packet;

the packet receiving means of each network controller further including packet processing means (246), for decrypting the second portion of said each received data packet using the corresponding decryption key generated by the decryption key generating means, and for delivering the first portion and the decrypted second portion of each received data packet to the memory address in the network controller's host computer corresponding to each received data packet's buffer queue value.

6. A method of receiving at a first host computer (114) data packets originated by other host computers (102,104,106) and transmitted therebetween via a communications network, the steps of the method comprising:

receiving at the first host computer data packets from the communications network, wherein each received data packet includes (A) a first, unencrypted portion in which is stored a buffer queue value corresponding to a memory address in the first host computer to which the data packet is to be delivered, (B) an encrypted host-to-host key, and (C) a second portion that is encrypted;

extracting from each received data packet the buffer queue value;

decrypting, using a predefined master key, the encrypted host-to-host key in each received data packet;

generating a decryption key corresponding to each received data packet by computing a predefined combination of (1) the extracted buffer queue value and (2) the decrypted host-to-host key for each received data packet;

decrypting the second portion of each received data packet using the corresponding decryption key computed by the generating step, and delivering the first portion and the decrypted second portion of each received data packet to the memory address in the first host computer corresponding to each received data packet's buffer queue value.

7. A method as claimed in claim 6, each received data packet incorporating an embedded error checking value to enable error checking thereof;

the method further including error checking each received data packet as it is delivered to the first host computer.

8. A method as claimed in claim 6, the generating step including exclusive ORing the extracted buffer queue value with the decrypted host-to-host key for each received data packet.

9. A method of receiving at a first host computer (114) data packets originated by other host computers (102,104,106) and transmitted therebetween via a communications network, the steps of the method comprising:

establishing a single host-to-host key for each host computer from which the first host computer may receive data packets;

receiving at the first host computer data packets from the communications network, wherein each received data packet includes (A) a first, unencrypted portion in which is stored source identifying data indicating which other host computer originated the data packet and a buffer queue value corresponding to a memory address in the first host computer to which the data packet is to be delivered, and (B) a second portion that is encrypted;

extracting from each received data packet the buffer queue value;

determining the established host-to-host key corresponding to the host computer that originated each received data packet;

generating a decryption key corresponding to each received data packet by computing a predefined combination of (1) the extracted buffer queue value and (2) said determined host-to-host key for each received data packet;

decrypting the second portion of each received data packet using the corresponding decryption key computed by the generating step, and delivering the first portion and the decrypted second portion of each received data packet to the memory address in the first host computer corresponding to each received data packet's buffer queue value.

10. A method of transmitting data packets between a multiplicity of host computers (114,102,104,106) via a communications network, the steps of the method comprising:

establishing, for each pair of host computers of the multiplicity of host computers that will transmit data packets therebetween, a host-to-host encryption key;

each host computer transmitting data packets to other ones of the multiplicity of host computers via the communications network; each transmitted data packet including (A) a first, unencrypted portion in which is stored source identifying data indicating an originating host computer, comprising a first one of the multiplicity of host computers that originated the data packet, and a buffer queue value corresponding to a memory address in a destination host computer, comprising a second one of the multiplicity of host computers to which the data packet is to be delivered, and (B) a second portion;

before transmitting each data packet, encrypting the second portion of each data packet using an encryption key comprising a predefined combination of (1) each data packet's buffer queue value and (2) the established host-to-host encryption key corresponding to the pair of host computers comprising the originating host computer and the destination host computer associated with each data packet;

upon receiving a data packet at any one of the multiplicity of host computers: extracting from each received data packet the buffer queue value; determining the established host-to-host encryption key corresponding to the one of the multiplicity of host computers that originated each received data packet; generating a decryption key by computing a predefined combination of (1) the extracted buffer queue value and (2) the determined host-to-host encryption key for the received data packet; decrypting the second portion of each received data packet using the generated decryption key; and delivering the received data packet, with the second portion decrypted, to the memory address in the network controller's host computer corresponding to the received data packet's buffer queue value.



EP 0 582 395 A2

FIGURE 1 (PRIOR ART), labels only: network 100, link 112, 150; hosts 102, 104 and 106 (Host C); Data Packets 1, 2, and 3; Data Packet 3.

FIGURE 2, labels only: Host D (114) with Buffers 118-1, 118-2, 118-3, 118-4, ... and Network Controller 116; DATA PACKET with Unencrypted Portion of Data Packet (132) and Encrypted Portion of Data Packet (143); Packet Header fields: Destination Address, Source Identification Data or KeyIndex, Packet Type, Offset To Encrypted Data, BQI (Buffer Queue Index), {Host To Host Key}MasterKey; Packet Body; CRC; labels 134, 148.
FIGURE 3, labels only: Host Computer D (114) with CPU 205, Memory 206 holding the Key Table (entries: HostA ID, HostA Adr, {HtH Key AD}MasterKeyD, {HtH Key AD}MasterKeyA; HostB ID, HostB Adr, {HtH Key BD}MasterKeyD, {HtH Key BD}MasterKeyB; ...) and DMA Interface; Network Controller 116 with Loopback Logic 202, Packet Transmitter 208, Network Cable 220, Network Interface Receiver 222, FIFO 224, Control Logic 230 (Key Logic, Output Logic), Buffer Queue Table 232 (entries 234: BQI, Check Bits, Buffer Ptr; 235, 236), BQI Match, MasterKeyD, DES CBC Decryption Circuit 246, CRC Check Circuit 248, Output Buffer 242, Buffer Address, Control Signals / Error Msg; labels 200, 244.
Flow chart (first preferred embodiment, receiving):

214: Host D's Network Controller receives Data Packet.

Look up Buffer Pointer in BQI Table, check validity of BQI value, and send Buffer Pointer to Output Buffer if BQI value is valid. If BQI value is invalid, set Buffer Pointer to Default Value (BQI=0).

Compute Key Value for decrypting Data Packet: (A) Decrypt Key Field 146 with MasterKeyD -> Key1; (B) Key1 XOR BQI -> Key.

Decrypt the encrypted portions of the Data Packet with computed Key, and CRC check Data Packet, while transmitting Data Packet to Host D computer. If CRC check fails, send error message to Host D.

Flow chart (first preferred embodiment, transmitting):

204: Hosts A and D exchange {Host-to-Host Key AD} using predefined secure protocol. Each Host uses its own controller to encrypt {Host-to-Host Key AD} with Master Key, yielding {Host-to-Host Key AD}MasterKeyA or D, and then sends the encrypted key to the other host. Both hosts store sent and received encrypted {Host-to-Host Key AD} in Host memory and forget unencrypted {Host-to-Host Key AD}.

Host A generates Data Packet including BQI field 144 and key field 146 with encrypted version of Host-to-Host Key AD received from Host D. (See Figure 6.) Host A sends to Network Controller a Data Packet, Destination Address for Host D, BQI, and {Host-to-Host Key AD}MasterKeyA.

212: Host A's Network Controller (A) decrypts {Host-to-Host Key AD}MasterKeyA with its MasterKeyA to generate {Host-to-Host Key AD}; (B) encrypts a portion of Data Packet using Encryption Key = {Host-to-Host Key AD} XOR BQI; and then (C) sends Data Packet to Host D.

Flow chart (second preferred embodiment, transmitting):

Hosts A and D exchange {Host-to-Host Key AD} and KeyIndex values using predefined secure protocol. Note that each Host keeps track of next unused slot in its Network Controller's Key Table 318, and includes a KeyIndex value in the exchanged information.

Each host stores {Host-to-Host Key AD} in its Network Controller, and then forgets {Host-to-Host Key AD}.

Network Controller for Host A: (A) retrieves {Host-to-Host Key AD} from Key Array using KeyIndexA; (B) encrypts a portion of Data Packet using Encryption Key = {Host-to-Host Key AD} XOR BQI; and then (C) sends Data Packet to Host D.

Flow chart (second preferred embodiment, receiving):

Look up Buffer Pointer in BQI Table, check validity of BQI value, and send Buffer Pointer to Output Buffer if BQI value is valid. If BQI value is invalid, set Buffer Pointer to Default Value (BQI=0).

Compute Key Value for decrypting Data Packet: (A) Retrieve Key from Key Table using KeyIndexD in Data Packet -> Key1; (B) Key1 XOR BQI -> Key.

Decrypt the encrypted portions of the Data Packet with computed Key, and CRC check Data Packet, while transmitting Data Packet to Host computer. If CRC check fails, send error message to Host D.
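The per-packet key derivation of the second embodiment (step 328 and step 330 in the description: Key Table lookup by KeyIndex, then XOR with the BQI) and of the first embodiment (claims 1 and 6 and the flow charts: key field decrypted with the receiver's master key, then XOR with the BQI), written out as an added Go example; this is not code from the patent, which describes hardware circuits and no software implementation. DES in CBC mode is used because that is the decryption circuit of Figure 3. Everything else is an assumption of this example: the field widths, an all-zero CBC IV, PKCS#7 padding as the test for "unintelligible" output, zero-extending a 16-bit BQI into the low two bytes of the 8-byte DES key, and the type and function names (Packet, packetKey, MasterKeyDES, Encrypt, decryptBody, DecryptWrapped, DecryptIndexed). The CRC check and the Buffer Queue Table lookup of the flow charts are left out.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"errors"
)

// Packet follows the Figure 2 layout (field widths are assumptions for this example):
// the header travels in clear, only Body is encrypted, and the CRC field is omitted.
type Packet struct {
	KeyIndex uint16  // second embodiment: slot in the receiver's Key Table (318)
	KeyField [8]byte // first embodiment: host-to-host key encrypted under the receiver's master key
	BQI      uint16  // buffer queue index; the receiver reads it from the clear header
	Body     []byte  // encrypted on the wire
}

var iv = make([]byte, des.BlockSize) // the page fixes no CBC IV; all-zero is assumed

// packetKey is the predefined combination from the claims: host-to-host key XOR BQI,
// with the 16-bit BQI zero-extended into the low two bytes of the 8-byte DES key.
func packetKey(hostToHost [8]byte, bqi uint16) []byte {
	k := append([]byte{}, hostToHost[:]...)
	k[6] ^= byte(bqi >> 8)
	k[7] ^= byte(bqi)
	return k
}

// MasterKeyDES encrypts (or, with decrypt set, decrypts) one DES block under a master
// key: the form in which the first embodiment stores and carries the host-to-host key.
func MasterKeyDES(master, in [8]byte, decrypt bool) ([8]byte, error) {
	var out [8]byte
	c, err := des.NewCipher(master[:])
	if err != nil {
		return out, err
	}
	if decrypt {
		c.Decrypt(out[:], in[:])
	} else {
		c.Encrypt(out[:], in[:])
	}
	return out, nil
}

// Encrypt is the sender side (steps 212 and 328): PKCS#7-pad the body and encrypt it
// in CBC mode under (host-to-host key XOR BQI). The BQI itself stays in the clear header.
func Encrypt(hostToHost [8]byte, p *Packet, plaintext []byte) error {
	c, err := des.NewCipher(packetKey(hostToHost, p.BQI))
	if err != nil {
		return err
	}
	n := des.BlockSize - len(plaintext)%des.BlockSize // 1..8 bytes of padding
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	p.Body = make([]byte, len(padded))
	cipher.NewCBCEncrypter(c, iv).CryptBlocks(p.Body, padded)
	return nil
}

// decryptBody is the receiver side shared by both embodiments (step 330 on): recompute
// the key from the BQI found in the clear header, decrypt, and reject unintelligible
// output, which is what a BQI altered in transit produces.
func decryptBody(hostToHost [8]byte, p *Packet) ([]byte, error) {
	if len(p.Body) == 0 || len(p.Body)%des.BlockSize != 0 {
		return nil, errors.New("body is not a whole number of DES blocks")
	}
	c, err := des.NewCipher(packetKey(hostToHost, p.BQI))
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(p.Body))
	cipher.NewCBCDecrypter(c, iv).CryptBlocks(pt, p.Body)
	n := int(pt[len(pt)-1])
	if n == 0 || n > des.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("unintelligible plaintext: key or BQI differs from the sender's")
	}
	return pt[:len(pt)-n], nil
}

// DecryptWrapped models the first embodiment: unwrap the key field with the
// receiver's master key (MasterKeyD), then derive the per-packet key.
func DecryptWrapped(master [8]byte, p *Packet) ([]byte, error) {
	hostToHost, err := MasterKeyDES(master, p.KeyField, true)
	if err != nil {
		return nil, err
	}
	return decryptBody(hostToHost, p)
}

// DecryptIndexed models the second embodiment: the Key Table slot named by the
// packet's KeyIndex holds the host-to-host key; no key material travels in the packet.
func DecryptIndexed(keyTable map[uint16][8]byte, p *Packet) ([]byte, error) {
	hostToHost, ok := keyTable[p.KeyIndex]
	if !ok {
		return nil, errors.New("no key in the Key Table slot named by KeyIndex")
	}
	return decryptBody(hostToHost, p)
}
```

Encrypt a body with `Encrypt(hostToHostKeyAD, &Packet{KeyIndex: 2, KeyField: wrapped, BQI: 3}, body)`, where `wrapped` is `MasterKeyDES(masterKeyD, hostToHostKeyAD, false)`; `DecryptWrapped(masterKeyD, p)` and `DecryptIndexed(table, p)` both return the body. After `p.BQI` is changed to any other value, both derive a different DES key and return the unintelligible-plaintext error (or, roughly once in 256 wrong keys under this padding rule, a body that is not the original), which is the property the abstract claims. Two points a practitioner would note: the CRC of the flow charts is an unkeyed error check, so a modified header shows up only as garbage delivered to the buffer queue rather than as an explicit integrity failure, and single DES, adequate when this application was filed, is no longer an acceptable block cipher for new designs.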